<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body>
<p>==========================================================================<br>
Ubuntu Security Notice USN-5905-1<br>
March 02, 2023<br>
<br>
php7.0 vulnerabilities<br>
==========================================================================<br>
<br>
A security issue affects these releases of Ubuntu and its
derivatives:<br>
<br>
- Ubuntu 16.04 ESM<br>
<br>
Summary:<br>
<br>
Several security issues were fixed in PHP.<br>
<br>
Software Description:<br>
- php7.0: HTML-embedded scripting language interpreter<br>
<br>
Details:<br>
<br>
It was discovered that PHP incorrectly handled certain gzip files.<br>
An attacker could possibly use this issue to cause a denial of
service.<br>
(CVE-2022-31628)<br>
<br>
It was discovered that PHP incorrectly handled certain cookies.<br>
An attacker could possibly use this issue to compromise data
integrity.<br>
(CVE-2022-31629)<br>
<br>
It was discovered that PHP incorrectly handled certain inputs.<br>
An attacker could possibly use this issue to cause a crash or<br>
execute arbitrary code. (CVE-2022-31631)<br>
<br>
It was discovered that PHP incorrectly handled resolving long
paths. A<br>
remote attacker could possibly use this issue to obtain or modify
sensitive<br>
information. (CVE-2023-0568)<br>
<br>
It was discovered that PHP incorrectly handled a large number of
field and file<br>
parts in HTTP form uploads. A remote attacker could possibly use
this issue to<br>
cause PHP to consume resources, leading to a denial of service.
(CVE-2023-0662)<br>
<br>
Update instructions:<br>
<br>
The problem can be corrected by updating your system to the
following<br>
package versions:<br>
<br>
Ubuntu 16.04 ESM:<br>
libapache2-mod-php7.0 7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0
7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0-cgi
7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0-cli
7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0-fpm
7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0-sqlite3
7.0.33-0ubuntu0.16.04.16+esm5<br>
php7.0-zip
7.0.33-0ubuntu0.16.04.16+esm5<br>
<br>
In general, a standard system update will make all the necessary
changes.<br>
<br>
References:<br>
<a href="https://ubuntu.com/security/notices/USN-5905-1"
rel="noreferrer" target="_blank">https://ubuntu.com/security/no<wbr>tices/USN-5905-1</a><br>
CVE-2022-31628, CVE-2022-31629, CVE-2022-31631, CVE-2023-0568,<br>
CVE-2023-0662</p>
<div id=":1c3" class="Am Al editable LW-avf tS-tW tS-tY"
aria-label="Message Body" role="textbox" aria-multiline="true"
tabindex="1" spellcheck="false" aria-owns=":1ey"
aria-controls=":1ey" contenteditable="true"><wbr><wbr><wbr><wbr></div>
</body>
</html>